CVE-2021-28655

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-28655

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28655.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-28655

Aliases

GHSA-gm67-h5wr-w3cv

Published

2022-12-16T13:15:08Z

Modified

2024-09-03T03:46:51.771138Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

References

https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2

Affected packages

Git / github.com/apache/zeppelin

Affected ranges

Type: GIT
Repo: https://github.com/apache/zeppelin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ecc4455b1809c01cd17b542273be37fb1ebad8d4

Affected versions

v0.*

v0.9.0-docker

v0.9.0-preview1